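def check_password(user_id, password):
    """Return True if the hash of *password* matches the user's saved hash.

    Args:
        user_id: Primary key passed to ``User.query.get``.
        password: Plaintext password submitted by the client.

    Returns:
        True when the hashes match. False when they differ or when no user
        row exists for *user_id* (previously an AttributeError on ``None``).
    """
    import hmac

    user = User.query.get(user_id)
    if user is None:
        # Unknown id: answer "no match" instead of crashing on None.password.
        return False

    stored = user.password
    candidate = hashulate(password)
    # NOTE(review): hashulate is defined outside this listing. Confirm it is a
    # salted, deliberately slow password hash (for example bcrypt, scrypt or
    # argon2) and that its output is reproducible here; a fast unsalted digest
    # would leave stored hashes open to offline guessing.

    # Compare in constant time so response timing does not reveal how many
    # leading characters of the stored hash matched.
    if isinstance(stored, str) and isinstance(candidate, str):
        return hmac.compare_digest(stored.encode("utf-8"),
                                   candidate.encode("utf-8"))
    if isinstance(stored, (bytes, bytearray)) and isinstance(candidate, (bytes, bytearray)):
        return hmac.compare_digest(stored, candidate)
    # Mixed or unexpected types: keep the original equality semantics.
    return stored == candidate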
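def _is_safe_next_url(target):
    """Return True when *target* resolves to the host serving this request."""
    from urllib.parse import urljoin, urlparse

    if not target:
        return False
    # Browsers treat "\" as "/" and strip whitespace/control characters, so
    # values such as "/\host" could leave the site even though they parse as
    # a local path. Reject them outright.
    if "\\" in target or any(ch <= " " or ch == "\x7f" for ch in target):
        return False
    base = urlparse(request.host_url)
    resolved = urlparse(urljoin(request.host_url, target))
    return resolved.scheme in ("http", "https") and resolved.netloc == base.netloc


def _post_login_target():
    """Pick the redirect target: a same-host ``next`` value, else the home page."""
    target = request.args.get("next")
    if _is_safe_next_url(target):
        return target
    return url_for("home")


def login():
    """Log the user in, or create the account when the username is unused.

    On a valid POST, an unknown username is registered with the submitted
    password and logged in; a known username is logged in only when
    ``User.check_password`` accepts the password. Every other case re-renders
    the login form.

    The ``next`` query parameter is client-controlled, so it is followed only
    when it stays on the current host; otherwise the user is sent to "home".
    Previously any URL in ``next`` was followed (open redirect).
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        username = request.form.get('username')
        password = request.form.get('password')

        if not User.username_taken(username):
            # NOTE(review): any unused username is auto-registered, so a
            # mistyped name creates a new account. The check-then-insert is
            # also not atomic; confirm a unique constraint backs it.
            user = User(username=username, password=hashulate(password))
            db_session.add(user)
            db_session.commit()
            login_user(user)
            return redirect(_post_login_target())

        user_id = User.id_from_name(username)
        if User.check_password(user_id, password):
            # NOTE(review): this builds a fresh User carrying only the id
            # rather than loading the stored row; confirm that is intended.
            login_user(User(id=user_id))
            return redirect(_post_login_target())

    # GET, failed validation, or wrong password: show the form again.
    return render_template('login.html', form=form)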